From b55f57c286e7ff27dc9b822dd65e2e93816c04ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Wed, 6 Nov 2024 14:05:11 +0100 Subject: [PATCH 01/11] feat: allow namespace overrides --- .../templates/NOTES.txt | 14 ++++---- .../templates/_helpers.tpl | 11 ++++++ .../templates/actionsmetrics.deployment.yaml | 2 +- .../templates/actionsmetrics.ingress.yaml.yml | 2 +- .../actionsmetrics.role_binding.yaml | 2 +- .../templates/actionsmetrics.secrets.yaml | 2 +- .../templates/actionsmetrics.service.yaml | 2 +- .../actionsmetrics.serviceaccount.yaml.yml | 2 +- .../actionsmetrics.servicemonitor.yaml.yml | 2 +- .../templates/auth_proxy_role_binding.yaml | 2 +- .../templates/certificate.yaml | 8 ++--- .../templates/controller.metrics.service.yaml | 2 +- .../controller.metrics.serviceMonitor.yaml | 2 +- .../templates/controller.pdb.yaml | 2 +- .../templates/deployment.yaml | 4 +-- .../templates/githubwebhook.deployment.yaml | 4 +-- .../templates/githubwebhook.ingress.yaml | 2 +- .../templates/githubwebhook.pdb.yaml | 2 +- .../templates/githubwebhook.role_binding.yaml | 2 +- .../templates/githubwebhook.secrets.yaml | 2 +- .../templates/githubwebhook.service.yaml | 2 +- .../githubwebhook.serviceMonitor.yaml | 2 +- .../githubwebhook.serviceaccount.yaml | 2 +- .../templates/leader_election_role.yaml | 2 +- .../leader_election_role_binding.yaml | 4 +-- .../templates/manager_role_binding.yaml | 2 +- .../manager_role_binding_secrets.yaml | 4 +-- .../templates/manager_secrets.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../templates/webhook_configs.yaml | 36 +++++++++---------- .../templates/webhook_service.yaml | 2 +- charts/actions-runner-controller/values.yaml | 3 ++ .../templates/_helpers.tpl | 13 ++++++- .../templates/deployment.yaml | 4 +-- .../templates/leader_election_role.yaml | 2 +- .../leader_election_role_binding.yaml | 4 +-- .../manager_cluster_role_binding.yaml | 2 +- .../templates/manager_listener_role.yaml | 2 +- .../manager_listener_role_binding.yaml | 4 +-- ...ager_single_namespace_controller_role.yaml | 2 +- ...gle_namespace_controller_role_binding.yaml | 4 +-- ...r_single_namespace_watch_role_binding.yaml | 2 +- .../templates/serviceaccount.yaml | 2 +- .../values.yaml | 3 ++ .../templates/_helpers.tpl | 18 +++++++--- .../templates/autoscalingrunnerset.yaml | 4 +-- .../templates/githubsecret.yaml | 2 +- .../templates/kube_mode_role.yaml | 2 +- .../templates/kube_mode_role_binding.yaml | 4 +-- .../templates/kube_mode_serviceaccount.yaml | 2 +- .../templates/manager_role.yaml | 2 +- .../templates/manager_role_binding.yaml | 2 +- .../no_permission_serviceaccount.yaml | 2 +- charts/gha-runner-scale-set/values.yaml | 3 ++ 54 files changed, 129 insertions(+), 90 deletions(-) diff --git a/charts/actions-runner-controller/templates/NOTES.txt b/charts/actions-runner-controller/templates/NOTES.txt index faf893f046..7282f4521b 100644 --- a/charts/actions-runner-controller/templates/NOTES.txt +++ b/charts/actions-runner-controller/templates/NOTES.txt @@ -6,17 +6,17 @@ {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "actions-runner-controller.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "actions-runner-controller.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "actions-runner-controller.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ include "actions-runner-controller.namespace" . }} svc -w {{ include "actions-runner-controller.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "actions-runner-controller.namespace" . }} {{ include "actions-runner-controller.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + export POD_NAME=$(kubectl get pods --namespace {{ include "actions-runner-controller.namespace" . }} -l "app.kubernetes.io/name={{ include "actions-runner-controller.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ include "actions-runner-controller.namespace" . }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT + kubectl --namespace {{ include "actions-runner-controller.namespace" . }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} diff --git a/charts/actions-runner-controller/templates/_helpers.tpl b/charts/actions-runner-controller/templates/_helpers.tpl index 68570f03d2..dca551498d 100644 --- a/charts/actions-runner-controller/templates/_helpers.tpl +++ b/charts/actions-runner-controller/templates/_helpers.tpl @@ -1,3 +1,14 @@ +{{/* +Allow overriding the namespace for the resources. +*/}} +{{- define "actions-runner-controller.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + {{/* Expand the name of the chart. */}} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml b/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml index 676e247224..045acc0ad7 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: diff --git a/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml index 5b54993c39..5b147a5860 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.ingress.yaml.yml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.actionsMetricsServer.ingress.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml index 0b64ed5f11..d00f26ae6d 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml b/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml index a7128b4c31..3662826162 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller-actions-metrics-server.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: Opaque diff --git a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml index 4ff8830b50..4c9732818d 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.service.yaml +++ b/charts/actions-runner-controller/templates/actionsmetrics.service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller-actions-metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller-actions-metrics-server.selectorLabels" . | nindent 4 }} {{- if .Values.actionsMetricsServer.service.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml index 9ab1afc165..5b41e2e416 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.serviceaccount.yaml.yml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller-actions-metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.actionsMetricsServer.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml b/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml index 7a8b7ecf74..b5b9bdacf7 100644 --- a/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml +++ b/charts/actions-runner-controller/templates/actionsmetrics.servicemonitor.yaml.yml @@ -1,5 +1,5 @@ {{- if and .Values.actionsMetricsServer.enabled .Values.actionsMetrics.serviceMonitor.enable }} -{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }} +{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml index b3061f76ac..076cdbeb2b 100644 --- a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml +++ b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/certificate.yaml b/charts/actions-runner-controller/templates/certificate.yaml index 25ddfa0f4b..fd77c685d1 100644 --- a/charts/actions-runner-controller/templates/certificate.yaml +++ b/charts/actions-runner-controller/templates/certificate.yaml @@ -6,7 +6,7 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ include "actions-runner-controller.selfsignedIssuerName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: selfSigned: {} --- @@ -14,11 +14,11 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ include "actions-runner-controller.servingCertName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: dnsNames: - - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc - - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local + - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc + - {{ include "actions-runner-controller.webhookServiceName" . }}.{{ include "actions-runner-controller.namespace" . }}.svc.cluster.local issuerRef: kind: Issuer name: {{ include "actions-runner-controller.selfsignedIssuerName" . }} diff --git a/charts/actions-runner-controller/templates/controller.metrics.service.yaml b/charts/actions-runner-controller/templates/controller.metrics.service.yaml index 1dc422be51..b837d2cbc8 100644 --- a/charts/actions-runner-controller/templates/controller.metrics.service.yaml +++ b/charts/actions-runner-controller/templates/controller.metrics.service.yaml @@ -4,7 +4,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller.metricsServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- with .Values.metrics.serviceAnnotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml index b1ab0d90d0..d919641617 100644 --- a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml +++ b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml @@ -8,7 +8,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} name: {{ include "actions-runner-controller.serviceMonitorName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: endpoints: - path: /metrics diff --git a/charts/actions-runner-controller/templates/controller.pdb.yaml b/charts/actions-runner-controller/templates/controller.pdb.yaml index 6831c4d60f..edd6d30096 100644 --- a/charts/actions-runner-controller/templates/controller.pdb.yaml +++ b/charts/actions-runner-controller/templates/controller.pdb.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller.pdbName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: {{- if .Values.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} diff --git a/charts/actions-runner-controller/templates/deployment.yaml b/charts/actions-runner-controller/templates/deployment.yaml index 3490f98904..4e17a8548e 100644 --- a/charts/actions-runner-controller/templates/deployment.yaml +++ b/charts/actions-runner-controller/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: @@ -56,7 +56,7 @@ spec: - "--docker-registry-mirror={{ .Values.dockerRegistryMirror }}" {{- end }} {{- if .Values.scope.singleNamespace }} - - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}" + - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}" {{- end }} {{- if .Values.logLevel }} - "--log-level={{ .Values.logLevel }}" diff --git a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml index d778cba876..a410842989 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: @@ -43,7 +43,7 @@ spec: - "--log-level={{ .Values.githubWebhookServer.logLevel }}" {{- end }} {{- if .Values.scope.singleNamespace }} - - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}" + - "--watch-namespace={{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }}" {{- end }} {{- if .Values.runnerGithubURL }} - "--runner-github-url={{ .Values.runnerGithubURL }}" diff --git a/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml b/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml index 48baa76323..a3adef61dd 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.ingress.yaml @@ -5,7 +5,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.githubWebhookServer.ingress.annotations }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml index cb8d530460..3853c2d772 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.pdb.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} name: {{ include "actions-runner-controller-github-webhook-server.pdbName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} spec: {{- if .Values.githubWebhookServer.podDisruptionBudget.minAvailable }} minAvailable: {{ .Values.githubWebhookServer.podDisruptionBudget.minAvailable }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml b/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml index 24a69456de..131da806cd 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- end }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml b/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml index e1fbc28502..e980d62e2d 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.secrets.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller-github-webhook-server.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: Opaque diff --git a/charts/actions-runner-controller/templates/githubwebhook.service.yaml b/charts/actions-runner-controller/templates/githubwebhook.service.yaml index 6ec28acfe1..441ebdd1ef 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.service.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller-github-webhook-server.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }} {{- if .Values.githubWebhookServer.service.annotations }} diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml index 594d43c540..078e41c36e 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml @@ -1,5 +1,5 @@ {{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor.enable }} -{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default .Release.Namespace }} +{{- $servicemonitornamespace := .Values.actionsMetrics.serviceMonitor.namespace | default (include "actions-runner-controller.namespace" .) }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: diff --git a/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml b/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml index e7db91a2be..d280ef4e81 100644 --- a/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml +++ b/charts/actions-runner-controller/templates/githubwebhook.serviceaccount.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller-github-webhook-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.githubWebhookServer.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/leader_election_role.yaml b/charts/actions-runner-controller/templates/leader_election_role.yaml index 9a2890cc61..dbd5fbca69 100644 --- a/charts/actions-runner-controller/templates/leader_election_role.yaml +++ b/charts/actions-runner-controller/templates/leader_election_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "actions-runner-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} rules: - apiGroups: - "" diff --git a/charts/actions-runner-controller/templates/leader_election_role_binding.yaml b/charts/actions-runner-controller/templates/leader_election_role_binding.yaml index 328e9dab6e..b28e893d93 100644 --- a/charts/actions-runner-controller/templates/leader_election_role_binding.yaml +++ b/charts/actions-runner-controller/templates/leader_election_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "actions-runner-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_role_binding.yaml b/charts/actions-runner-controller/templates/manager_role_binding.yaml index c51b4d9775..e587f77d89 100644 --- a/charts/actions-runner-controller/templates/manager_role_binding.yaml +++ b/charts/actions-runner-controller/templates/manager_role_binding.yaml @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml b/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml index 9b7132cf85..5b1677880e 100644 --- a/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml +++ b/charts/actions-runner-controller/templates/manager_role_binding_secrets.yaml @@ -6,7 +6,7 @@ kind: ClusterRoleBinding {{- end }} metadata: name: {{ include "actions-runner-controller.managerRoleName" . }}-secrets - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io {{- if .Values.scope.singleNamespace }} @@ -18,4 +18,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} diff --git a/charts/actions-runner-controller/templates/manager_secrets.yaml b/charts/actions-runner-controller/templates/manager_secrets.yaml index 7d95c5cfdb..8545eab480 100644 --- a/charts/actions-runner-controller/templates/manager_secrets.yaml +++ b/charts/actions-runner-controller/templates/manager_secrets.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller.secretName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} {{- if .Values.authSecret.annotations }} annotations: {{ toYaml .Values.authSecret.annotations | nindent 4 }} diff --git a/charts/actions-runner-controller/templates/serviceaccount.yaml b/charts/actions-runner-controller/templates/serviceaccount.yaml index 221ac16320..1ca9839eee 100644 --- a/charts/actions-runner-controller/templates/serviceaccount.yaml +++ b/charts/actions-runner-controller/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "actions-runner-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/actions-runner-controller/templates/webhook_configs.yaml b/charts/actions-runner-controller/templates/webhook_configs.yaml index 757c626a8c..71f984f39a 100644 --- a/charts/actions-runner-controller/templates/webhook_configs.yaml +++ b/charts/actions-runner-controller/templates/webhook_configs.yaml @@ -2,7 +2,7 @@ We will use a self managed CA if one is not provided by cert-manager */}} {{- $ca := genCA "actions-runner-ca" 3650 }} -{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) .Release.Namespace)) 3650 $ca }} +{{- $cert := genSignedCert (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .)) nil (list (printf "%s.%s.svc" (include "actions-runner-controller.webhookServiceName" .) (include "actions-runner-controller.namespace" .))) 3650 $ca }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration @@ -11,7 +11,7 @@ metadata: name: {{ include "actions-runner-controller.fullname" . }}-mutating-webhook-configuration {{- if .Values.certManagerEnabled }} annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }} + cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }} {{- end }} webhooks: - admissionReviewVersions: @@ -19,7 +19,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -29,7 +29,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runner failurePolicy: Fail name: mutate.runner.actions.summerwind.dev @@ -50,7 +50,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -60,7 +60,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runnerdeployment failurePolicy: Fail name: mutate.runnerdeployment.actions.summerwind.dev @@ -81,7 +81,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -91,7 +91,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset failurePolicy: Fail name: mutate.runnerreplicaset.actions.summerwind.dev @@ -112,7 +112,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -122,7 +122,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /mutate-runner-set-pod failurePolicy: Fail name: mutate-runner-pod.webhook.actions.summerwind.dev @@ -148,7 +148,7 @@ metadata: name: {{ include "actions-runner-controller.fullname" . }}-validating-webhook-configuration {{- if .Values.certManagerEnabled }} annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "actions-runner-controller.servingCertName" . }} + cert-manager.io/inject-ca-from: {{ include "actions-runner-controller.namespace" . }}/{{ include "actions-runner-controller.servingCertName" . }} {{- end }} webhooks: - admissionReviewVersions: @@ -156,7 +156,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -166,7 +166,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runner failurePolicy: Fail name: validate.runner.actions.summerwind.dev @@ -187,7 +187,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -197,7 +197,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runnerdeployment failurePolicy: Fail name: validate.runnerdeployment.actions.summerwind.dev @@ -218,7 +218,7 @@ webhooks: {{- if .Values.scope.singleNamespace }} namespaceSelector: matchLabels: - kubernetes.io/metadata.name: {{ default .Release.Namespace .Values.scope.watchNamespace }} + kubernetes.io/metadata.name: {{ default (include "actions-runner-controller.namespace" .) .Values.scope.watchNamespace }} {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} @@ -228,7 +228,7 @@ webhooks: {{- end }} service: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} path: /validate-actions-summerwind-dev-v1alpha1-runnerreplicaset failurePolicy: Fail name: validate.runnerreplicaset.actions.summerwind.dev @@ -250,7 +250,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "actions-runner-controller.servingCertName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} type: kubernetes.io/tls diff --git a/charts/actions-runner-controller/templates/webhook_service.yaml b/charts/actions-runner-controller/templates/webhook_service.yaml index 41425f42cb..e9757cfc8d 100644 --- a/charts/actions-runner-controller/templates/webhook_service.yaml +++ b/charts/actions-runner-controller/templates/webhook_service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "actions-runner-controller.webhookServiceName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "actions-runner-controller.namespace" . }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} {{- with .Values.service.annotations }} diff --git a/charts/actions-runner-controller/values.yaml b/charts/actions-runner-controller/values.yaml index 25da151516..fff18cc01e 100644 --- a/charts/actions-runner-controller/values.yaml +++ b/charts/actions-runner-controller/values.yaml @@ -420,3 +420,6 @@ actionsMetricsServer: # - chart-example.local terminationGracePeriodSeconds: 10 lifecycle: {} + +# Add the option to deploy in another namespace rather than .Release.Namespace. +namespaceOverride: "" diff --git a/charts/gha-runner-scale-set-controller/templates/_helpers.tpl b/charts/gha-runner-scale-set-controller/templates/_helpers.tpl index 075d21ae32..65c5315e46 100644 --- a/charts/gha-runner-scale-set-controller/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set-controller/templates/_helpers.tpl @@ -7,6 +7,17 @@ Expand the name of the chart. gha-rs-controller {{- end }} +{{/* +Allow overriding the namespace for the resources. +*/}} +{{- define "gha-runner-scale-set-controller.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} + {{- define "gha-runner-scale-set-controller.name" -}} {{- default (include "gha-base-name" .) .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -57,7 +68,7 @@ Selector labels */}} {{- define "gha-runner-scale-set-controller.selectorLabels" -}} app.kubernetes.io/name: {{ include "gha-runner-scale-set-controller.name" . }} -app.kubernetes.io/namespace: {{ .Release.Namespace }} +app.kubernetes.io/namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} diff --git a/charts/gha-runner-scale-set-controller/templates/deployment.yaml b/charts/gha-runner-scale-set-controller/templates/deployment.yaml index 66b9a4b513..770aceec9a 100644 --- a/charts/gha-runner-scale-set-controller/templates/deployment.yaml +++ b/charts/gha-runner-scale-set-controller/templates/deployment.yaml @@ -2,10 +2,10 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gha-runner-scale-set-controller.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} labels: {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }} - actions.github.com/controller-service-account-namespace: {{ .Release.Namespace }} + actions.github.com/controller-service-account-namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} actions.github.com/controller-service-account-name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} {{- if .Values.flags.watchSingleNamespace }} actions.github.com/controller-watch-single-namespace: {{ .Values.flags.watchSingleNamespace }} diff --git a/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml b/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml index e23e0226c0..02e0b415e7 100644 --- a/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] diff --git a/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml index 85effd27f2..16d38388e9 100644 --- a/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/leader_election_role_binding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.leaderElectionRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml index 041d73a935..60291d21e9 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_cluster_role_binding.yaml @@ -10,5 +10,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml index 86a937776f..a238d5fc9c 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.managerListenerRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: - "" diff --git a/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml index 8a2f7f95a4..efc66b574b 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_listener_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.managerListenerRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -10,4 +10,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml index 7fd6e98850..c486a79bce 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} rules: - apiGroups: - actions.github.com diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml index 3423b9ddc9..3bb5247e70 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_controller_role_binding.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set-controller.managerSingleNamespaceRoleBinding" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} \ No newline at end of file diff --git a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml index 679233581b..c4810b7ae9 100644 --- a/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml +++ b/charts/gha-runner-scale-set-controller/templates/manager_single_namespace_watch_role_binding.yaml @@ -11,5 +11,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} {{- end }} diff --git a/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml b/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml index 5d3bbf3f69..7bc4b2a849 100644 --- a/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml +++ b/charts/gha-runner-scale-set-controller/templates/serviceaccount.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set-controller.namespace" . }} labels: {{- include "gha-runner-scale-set-controller.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/gha-runner-scale-set-controller/values.yaml b/charts/gha-runner-scale-set-controller/values.yaml index 8e74317e45..7b9ae55875 100644 --- a/charts/gha-runner-scale-set-controller/values.yaml +++ b/charts/gha-runner-scale-set-controller/values.yaml @@ -130,3 +130,6 @@ flags: ## Labels that match prefix specified in the list are excluded from propagation. # excludeLabelPropagationPrefixes: # - "argocd.argoproj.io/instance" + +# Add the option to deploy in another namespace rather than .Release.Namespace. +namespaceOverride: "" diff --git a/charts/gha-runner-scale-set/templates/_helpers.tpl b/charts/gha-runner-scale-set/templates/_helpers.tpl index bd71ed64c9..c65b4a1f14 100644 --- a/charts/gha-runner-scale-set/templates/_helpers.tpl +++ b/charts/gha-runner-scale-set/templates/_helpers.tpl @@ -43,7 +43,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: gha-rs actions.github.com/scale-set-name: {{ include "gha-runner-scale-set.scale-set-name" . }} -actions.github.com/scale-set-namespace: {{ .Release.Namespace }} +actions.github.com/scale-set-namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- end }} {{/* @@ -481,8 +481,8 @@ volumeMounts: {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }} {{- end }} {{- else if gt $singleNamespaceCounter 0 }} - {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }} - {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }} + {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} + {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} {{- with $controllerDeployment.metadata }} {{- $managerServiceAccountName = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-name") }} {{- end }} @@ -538,8 +538,8 @@ volumeMounts: {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }} {{- end }} {{- else if gt $singleNamespaceCounter 0 }} - {{- if hasKey $singleNamespaceControllerDeployments .Release.Namespace }} - {{- $controllerDeployment = get $singleNamespaceControllerDeployments .Release.Namespace }} + {{- if hasKey $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} + {{- $controllerDeployment = get $singleNamespaceControllerDeployments (include "gha-runner-scale-set.namespace" .) }} {{- with $controllerDeployment.metadata }} {{- $managerServiceAccountNamespace = (get $controllerDeployment.metadata.labels "actions.github.com/controller-service-account-namespace") }} {{- end }} @@ -553,3 +553,11 @@ volumeMounts: {{- $managerServiceAccountNamespace }} {{- end }} {{- end }} + +{{- define "gha-runner-scale-set.namespace" -}} +{{- if .Values.namespaceOverride }} + {{- .Values.namespaceOverride }} +{{- else }} + {{- .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml index 39ebfef800..c105fc7d43 100644 --- a/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml +++ b/charts/gha-runner-scale-set/templates/autoscalingrunnerset.yaml @@ -4,11 +4,11 @@ metadata: {{- if or (not (include "gha-runner-scale-set.scale-set-name" .)) (gt (len (include "gha-runner-scale-set.scale-set-name" .)) 45) }} {{ fail "Name must have up to 45 characters" }} {{- end }} - {{- if gt (len .Release.Namespace) 63 }} + {{- if gt (len (include "gha-runner-scale-set.namespace" .)) 63 }} {{ fail "Namespace must have up to 63 characters" }} {{- end }} name: {{ include "gha-runner-scale-set.scale-set-name" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: app.kubernetes.io/component: "autoscaling-runner-set" {{- include "gha-runner-scale-set.labels" . | nindent 4 }} diff --git a/charts/gha-runner-scale-set/templates/githubsecret.yaml b/charts/gha-runner-scale-set/templates/githubsecret.yaml index 67282c182b..1160a319a2 100644 --- a/charts/gha-runner-scale-set/templates/githubsecret.yaml +++ b/charts/gha-runner-scale-set/templates/githubsecret.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "gha-runner-scale-set.githubsecret" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} finalizers: diff --git a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml index e82d7b7713..ec84f22c9b 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml @@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set.kubeModeRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} finalizers: - actions.github.com/cleanup-protection rules: diff --git a/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml b/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml index 060b9399e5..f36d6a6101 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_role_binding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set.kubeModeRoleBindingName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} finalizers: - actions.github.com/cleanup-protection roleRef: @@ -14,5 +14,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- end }} diff --git a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml index d0fa4b085c..09e58f03ad 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- if .Values.containerMode.kubernetesModeServiceAccount }} {{- with .Values.containerMode.kubernetesModeServiceAccount.annotations }} annotations: diff --git a/charts/gha-runner-scale-set/templates/manager_role.yaml b/charts/gha-runner-scale-set/templates/manager_role.yaml index f6a1e49383..6a82f95975 100644 --- a/charts/gha-runner-scale-set/templates/manager_role.yaml +++ b/charts/gha-runner-scale-set/templates/manager_role.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set.managerRoleName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} app.kubernetes.io/component: manager-role diff --git a/charts/gha-runner-scale-set/templates/manager_role_binding.yaml b/charts/gha-runner-scale-set/templates/manager_role_binding.yaml index ce212f77e2..7f138bdd82 100644 --- a/charts/gha-runner-scale-set/templates/manager_role_binding.yaml +++ b/charts/gha-runner-scale-set/templates/manager_role_binding.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "gha-runner-scale-set.managerRoleBindingName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} app.kubernetes.io/component: manager-role-binding diff --git a/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml index f7c9700f1a..3ac63ec21f 100644 --- a/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/no_permission_serviceaccount.yaml @@ -4,7 +4,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.noPermissionServiceAccountName" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} labels: {{- include "gha-runner-scale-set.labels" . | nindent 4 }} finalizers: diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index 6018b7d0e5..565db3d881 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -201,3 +201,6 @@ template: # controllerServiceAccount: # namespace: arc-system # name: test-arc-gha-runner-scale-set-controller + +# Add the option to deploy in another namespace rather than .Release.Namespace. +namespaceOverride: "" From b3624a031b3927af9418dece46125ad29e5aa05b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Wed, 5 Mar 2025 14:49:30 +0100 Subject: [PATCH 02/11] fix: CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jesús Fernández <7312236+fernandezcuesta@users.noreply.github.com> --- charts/gha-runner-scale-set-controller/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/gha-runner-scale-set-controller/values.yaml b/charts/gha-runner-scale-set-controller/values.yaml index 880837da1f..be1a4758a9 100644 --- a/charts/gha-runner-scale-set-controller/values.yaml +++ b/charts/gha-runner-scale-set-controller/values.yaml @@ -136,7 +136,6 @@ flags: # excludeLabelPropagationPrefixes: # - "argocd.argoproj.io/instance" - # Add the option to deploy in another namespace rather than .Release.Namespace. namespaceOverride: "" From e0e53ab7ebc9ff5cab2a5ebcaa49e7afb7c4af5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Fri, 7 Mar 2025 11:42:03 +0100 Subject: [PATCH 03/11] fix: add tests as per PR review --- .../tests/template_test.go | 39 ++++++++++++++++++ .../values.yaml | 2 +- .../tests/template_test.go | 41 +++++++++++++++++++ 3 files changed, 81 insertions(+), 1 deletion(-) diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go index c1efe29373..548faba417 100644 --- a/charts/gha-runner-scale-set-controller/tests/template_test.go +++ b/charts/gha-runner-scale-set-controller/tests/template_test.go @@ -1078,3 +1078,42 @@ func TestDeployment_excludeLabelPropagationPrefixes(t *testing.T) { assert.Contains(t, container.Args, "--exclude-label-propagation-prefix=prefix.com/") assert.Contains(t, container.Args, "--exclude-label-propagation-prefix=complete.io/label") } +func TestNamespaceOverride(t *testing.T) { + t.Parallel() + + chartPath := "../../gha-runner-scale-set-controller" + + releaseName := "test" + releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) + namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + } + templateFiles, err := os.ReadDir(filepath.Join(chartPath, "templates")) + require.NoError(t, err) + + for _, f := range templateFiles { + if filepath.Ext(f.Name()) != ".yaml" && filepath.Ext(f.Name()) != ".yml" { + continue + } + templateFile := filepath.Join("templates", f.Name()) + output, err := helm.RenderTemplateE(t, options, chartPath, releaseName, []string{templateFile}) + + if err != nil { + // template is conditional or has dependencies, skip + continue + } + + var renderedObject map[string]interface{} + helm.UnmarshalK8SYaml(t, output, &renderedObject) + + if renderedObject["metadata"].(map[string]interface{})["namespace"] != nil { + assert.Equal(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should have namespace %s", f.Name(), chartPath, namespaceOverride)) + } + } +} diff --git a/charts/gha-runner-scale-set-controller/values.yaml b/charts/gha-runner-scale-set-controller/values.yaml index be1a4758a9..fb54ed9924 100644 --- a/charts/gha-runner-scale-set-controller/values.yaml +++ b/charts/gha-runner-scale-set-controller/values.yaml @@ -136,7 +136,7 @@ flags: # excludeLabelPropagationPrefixes: # - "argocd.argoproj.io/instance" -# Add the option to deploy in another namespace rather than .Release.Namespace. +# Overrides the default `.Release.Namespace` for all resources in this chart. namespaceOverride: "" ## Defines the K8s client rate limiter parameters. diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index 8f5a833ee5..7beac6bc54 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -2,6 +2,7 @@ package tests import ( "fmt" + "os" "path/filepath" "strings" "testing" @@ -2143,3 +2144,43 @@ func TestAutoscalingRunnerSetAnnotationValuesHash(t *testing.T) { assert.NotEqual(t, firstHash, secondHash) assert.LessOrEqual(t, len(secondHash), 63) } + +func TestNamespaceOverride(t *testing.T) { + t.Parallel() + + chartPath := "../../gha-runner-scale-set" + + releaseName := "test" + releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) + namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) + + options := &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + } + templateFiles, err := os.ReadDir(filepath.Join(chartPath, "templates")) + require.NoError(t, err) + + for _, f := range templateFiles { + if filepath.Ext(f.Name()) != ".yaml" && filepath.Ext(f.Name()) != ".yml" { + continue + } + templateFile := filepath.Join("templates", f.Name()) + output, err := helm.RenderTemplateE(t, options, chartPath, releaseName, []string{templateFile}) + + if err != nil { + // template is conditional or has dependencies, skip + continue + } + + var renderedObject map[string]interface{} + helm.UnmarshalK8SYaml(t, output, &renderedObject) + + if renderedObject["metadata"].(map[string]interface{})["namespace"] != nil { + assert.Equal(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should have namespace %s", f.Name(), chartPath, namespaceOverride)) + } + } +} From 5536c69319006a0da06e4d8aaf5e8b60e52327fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=2E=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Fri, 7 Mar 2025 11:48:28 +0100 Subject: [PATCH 04/11] Update charts/gha-runner-scale-set/values.yaml Co-authored-by: Nikola Jokic --- charts/gha-runner-scale-set/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gha-runner-scale-set/values.yaml b/charts/gha-runner-scale-set/values.yaml index b56151c4c7..262b572338 100644 --- a/charts/gha-runner-scale-set/values.yaml +++ b/charts/gha-runner-scale-set/values.yaml @@ -217,5 +217,5 @@ template: # namespace: arc-system # name: test-arc-gha-runner-scale-set-controller -# Add the option to deploy in another namespace rather than .Release.Namespace. +# Overrides the default `.Release.Namespace` for all resources in this chart. namespaceOverride: "" From 319962a30a2eb9d1e5f8f7d3ab91cd83c32ca71a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Fri, 7 Mar 2025 13:49:02 +0100 Subject: [PATCH 05/11] fixup --- charts/gha-runner-scale-set/templates/kube_mode_role.yaml | 4 ++++ .../templates/kube_mode_serviceaccount.yaml | 1 + 2 files changed, 5 insertions(+) diff --git a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml index df11a1f6ee..038307c1d0 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_role.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_role.yaml @@ -6,6 +6,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "gha-runner-scale-set.kubeModeRoleName" . }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} + labels: + {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} {{- if $hasCustomResourceMeta }} @@ -23,6 +26,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} + finalizers: - actions.github.com/cleanup-protection rules: - apiGroups: [""] diff --git a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml index 446ab56871..5286ff50ef 100644 --- a/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml +++ b/charts/gha-runner-scale-set/templates/kube_mode_serviceaccount.yaml @@ -5,6 +5,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "gha-runner-scale-set.kubeModeServiceAccountName" . }} + namespace: {{ include "gha-runner-scale-set.namespace" . }} {{- if or .Values.annotations $hasCustomResourceMeta }} annotations: {{- with .Values.annotations }} From 79bc36740a933e1cd6cc5f31edf5212bf5b32bd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Fri, 7 Mar 2025 15:54:23 +0100 Subject: [PATCH 06/11] fix: tests --- .../tests/template_test.go | 92 ++++++++++++-- .../tests/template_test.go | 118 ++++++++++++++++-- 2 files changed, 191 insertions(+), 19 deletions(-) diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go index 548faba417..7dfc9e0dae 100644 --- a/charts/gha-runner-scale-set-controller/tests/template_test.go +++ b/charts/gha-runner-scale-set-controller/tests/template_test.go @@ -1087,33 +1087,105 @@ func TestNamespaceOverride(t *testing.T) { releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) - options := &helm.Options{ - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, + mustNotHaveNamespaceOverriden := []string{ + "manager_single_namespace_watch_role", + "manager_single_namespace_watch_role_binding", + } + options := map[string]*helm.Options{ + "_": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "leader_election_role": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "leader_election_role_binding": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "manager_single_namespace_controller_role": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "manager_single_namespace_controller_role_binding": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "manager_single_namespace_watch_role": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "manager_single_namespace_watch_role_binding": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), } templateFiles, err := os.ReadDir(filepath.Join(chartPath, "templates")) require.NoError(t, err) for _, f := range templateFiles { - if filepath.Ext(f.Name()) != ".yaml" && filepath.Ext(f.Name()) != ".yml" { + fileExtension := filepath.Ext(f.Name()) + if fileExtension != ".yaml" && fileExtension != ".yml" { continue } templateFile := filepath.Join("templates", f.Name()) - output, err := helm.RenderTemplateE(t, options, chartPath, releaseName, []string{templateFile}) + opts := options["_"] + for k := range options { + if strings.TrimSuffix(f.Name(), fileExtension) == k { + opts = options[k] + break + } + } + output, err := helm.RenderTemplateE(t, opts, chartPath, releaseName, []string{templateFile}) if err != nil { - // template is conditional or has dependencies, skip - continue + t.Errorf("Error rendering template %s from chart %s: %s", f.Name(), chartPath, err) } var renderedObject map[string]interface{} helm.UnmarshalK8SYaml(t, output, &renderedObject) if renderedObject["metadata"].(map[string]interface{})["namespace"] != nil { - assert.Equal(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should have namespace %s", f.Name(), chartPath, namespaceOverride)) + mustHaveNamespaceOverriden := true + for _, ignoredItem := range mustNotHaveNamespaceOverriden { + if strings.TrimSuffix(f.Name(), fileExtension) == ignoredItem { + mustHaveNamespaceOverriden = false + break + } + } + if mustHaveNamespaceOverriden { + assert.Equal(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should have namespace %s", f.Name(), chartPath, namespaceOverride)) + } else { + assert.NotEqual(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should not have namespace %s", f.Name(), chartPath, namespaceOverride)) + } } } } diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index d7d8c7b0e0..d676e43843 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -2326,26 +2326,126 @@ func TestNamespaceOverride(t *testing.T) { releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) - options := &helm.Options{ - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, + options := map[string]*helm.Options{ + "_": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "manager_role": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "manager_role_binding": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "no_permission_serviceaccount": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "autoscalingrunnerset": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "githubsecret": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "kube_mode_role": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "kube_mode_role_binding": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + "kube_mode_serviceaccount": { + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), } templateFiles, err := os.ReadDir(filepath.Join(chartPath, "templates")) require.NoError(t, err) for _, f := range templateFiles { - if filepath.Ext(f.Name()) != ".yaml" && filepath.Ext(f.Name()) != ".yml" { + fileExtension := filepath.Ext(f.Name()) + if fileExtension != ".yaml" && fileExtension != ".yml" { continue } templateFile := filepath.Join("templates", f.Name()) - output, err := helm.RenderTemplateE(t, options, chartPath, releaseName, []string{templateFile}) + opts := options["_"] + for k := range options { + if strings.TrimSuffix(f.Name(), fileExtension) == k { + opts = options[k] + break + } + } + output, err := helm.RenderTemplateE(t, opts, chartPath, releaseName, []string{templateFile}) if err != nil { - // template is conditional or has dependencies, skip - continue + t.Errorf("Error rendering template %s from chart %s: %s", f.Name(), chartPath, err) } var renderedObject map[string]interface{} From 9880df4a6854969a9829f145e52135315743ea4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=2E=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Fri, 7 Mar 2025 18:22:40 +0100 Subject: [PATCH 07/11] Update charts/gha-runner-scale-set/tests/template_test.go Co-authored-by: Nikola Jokic --- .../tests/template_test.go | 210 +++++++++--------- 1 file changed, 110 insertions(+), 100 deletions(-) diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index d676e43843..c113b6c306 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -2326,133 +2326,143 @@ func TestNamespaceOverride(t *testing.T) { releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) - options := map[string]*helm.Options{ - "_": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), - }, + tt := map[string]struct { + file string + options *helm.Options + }{ "manager_role": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "manager_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, "manager_role_binding": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "manager_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, "no_permission_serviceaccount": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "no_permission_serviceaccount.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, "autoscalingrunnerset": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "autoscalingrunnerset.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, "githubsecret": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "githubsecret.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, "kube_mode_role": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "containerMode.type": "kubernetes", - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "kube_mode_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, "kube_mode_role_binding": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "containerMode.type": "kubernetes", - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "kube_mode_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, "kube_mode_serviceaccount": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "containerMode.type": "kubernetes", - "controllerServiceAccount.name": "foo", - "controllerServiceAccount.namespace": "bar", - "githubConfigSecret.github_token": "gh_token12345", - "githubConfigUrl": "https://github.com", + file: "kube_mode_serviceaccount.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "containerMode.type": "kubernetes", + "controllerServiceAccount.name": "foo", + "controllerServiceAccount.namespace": "bar", + "githubConfigSecret.github_token": "gh_token12345", + "githubConfigUrl": "https://github.com", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, } - templateFiles, err := os.ReadDir(filepath.Join(chartPath, "templates")) - require.NoError(t, err) - for _, f := range templateFiles { - fileExtension := filepath.Ext(f.Name()) - if fileExtension != ".yaml" && fileExtension != ".yml" { - continue - } - templateFile := filepath.Join("templates", f.Name()) - opts := options["_"] - for k := range options { - if strings.TrimSuffix(f.Name(), fileExtension) == k { - opts = options[k] - break - } - } - output, err := helm.RenderTemplateE(t, opts, chartPath, releaseName, []string{templateFile}) - - if err != nil { - t.Errorf("Error rendering template %s from chart %s: %s", f.Name(), chartPath, err) - } + for name, tc := range tt { + t.Run(name, func(t *testing.T) { + t.Parallel() + templateFile := filepath.Join("templates", tc.file) - var renderedObject map[string]interface{} - helm.UnmarshalK8SYaml(t, output, &renderedObject) + output, err := helm.RenderTemplateE(t, tc.options, chartPath, releaseName, []string{templateFile}) + if err != nil { + t.Errorf("Error rendering template %s from chart %s: %s", tc.file, chartPath, err) + } - if renderedObject["metadata"].(map[string]interface{})["namespace"] != nil { - assert.Equal(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should have namespace %s", f.Name(), chartPath, namespaceOverride)) - } + type object struct { + Metadata metav1.ObjectMeta + } + var renderedObject object + helm.UnmarshalK8SYaml(t, output, &renderedObject) + assert.Equal(t, namespaceOverride, renderedObject.Metadata.Namespace) + }) } } From a4d4d2370a044ba3ee6d74e20b84b719ee08ef44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Fri, 7 Mar 2025 18:24:23 +0100 Subject: [PATCH 08/11] fix: missing import --- charts/gha-runner-scale-set/tests/template_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index c113b6c306..e158ee7812 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -2,11 +2,12 @@ package tests import ( "fmt" - "os" "path/filepath" "strings" "testing" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1alpha1 "github.com/actions/actions-runner-controller/apis/actions.github.com/v1alpha1" actionsgithubcom "github.com/actions/actions-runner-controller/controllers/actions.github.com" "github.com/gruntwork-io/terratest/modules/helm" From d2b7a8f72e663264091b1c9c15f5444184f79282 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Tue, 11 Mar 2025 14:26:14 +0100 Subject: [PATCH 09/11] chore: refactor tests according to PR review --- .../tests/template_test.go | 208 +++++++++++------- 1 file changed, 132 insertions(+), 76 deletions(-) diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go index 7dfc9e0dae..269ddc03b0 100644 --- a/charts/gha-runner-scale-set-controller/tests/template_test.go +++ b/charts/gha-runner-scale-set-controller/tests/template_test.go @@ -17,6 +17,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) type Chart struct { @@ -1087,105 +1088,160 @@ func TestNamespaceOverride(t *testing.T) { releaseNamespace := "test-" + strings.ToLower(random.UniqueId()) namespaceOverride := "test-" + strings.ToLower(random.UniqueId()) - mustNotHaveNamespaceOverriden := []string{ - "manager_single_namespace_watch_role", - "manager_single_namespace_watch_role_binding", - } - options := map[string]*helm.Options{ - "_": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, + tt := map[string]struct { + file string + options *helm.Options + wantNamespace string + }{ + "deployment": { + file: "deployment.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "leader_election_role_binding": { + file: "leader_election_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + wantNamespace: namespaceOverride, }, "leader_election_role": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "replicaCount": "2", + file: "leader_election_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + wantNamespace: namespaceOverride, }, - "leader_election_role_binding": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "replicaCount": "2", + "manager_cluster_role_binding": { + file: "manager_cluster_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_cluster_role": { + file: "manager_cluster_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_listener_role_binding": { + file: "manager_listener_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + }, + wantNamespace: namespaceOverride, + }, + "manager_listener_role": { + file: "manager_listener_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "replicaCount": "2", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + wantNamespace: namespaceOverride, }, "manager_single_namespace_controller_role": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "flags.watchSingleNamespace": "true", + file: "manager_single_namespace_controller_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + wantNamespace: namespaceOverride, }, "manager_single_namespace_controller_role_binding": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "flags.watchSingleNamespace": "true", + file: "manager_single_namespace_controller_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "true", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + wantNamespace: namespaceOverride, }, "manager_single_namespace_watch_role": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "flags.watchSingleNamespace": "true", + file: "manager_single_namespace_watch_role.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "target-ns", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + wantNamespace: "target-ns", }, "manager_single_namespace_watch_role_binding": { - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "flags.watchSingleNamespace": "true", + file: "manager_single_namespace_watch_role_binding.yaml", + options: &helm.Options{ + Logger: logger.Discard, + SetValues: map[string]string{ + "namespaceOverride": namespaceOverride, + "flags.watchSingleNamespace": "target-ns", + }, + KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), + wantNamespace: "target-ns", }, } - templateFiles, err := os.ReadDir(filepath.Join(chartPath, "templates")) - require.NoError(t, err) - for _, f := range templateFiles { - fileExtension := filepath.Ext(f.Name()) - if fileExtension != ".yaml" && fileExtension != ".yml" { - continue - } - templateFile := filepath.Join("templates", f.Name()) - opts := options["_"] - for k := range options { - if strings.TrimSuffix(f.Name(), fileExtension) == k { - opts = options[k] - break - } - } - output, err := helm.RenderTemplateE(t, opts, chartPath, releaseName, []string{templateFile}) + for name, tc := range tt { + t.Run(name, func(t *testing.T) { + t.Parallel() + templateFile := filepath.Join("templates", tc.file) - if err != nil { - t.Errorf("Error rendering template %s from chart %s: %s", f.Name(), chartPath, err) - } - - var renderedObject map[string]interface{} - helm.UnmarshalK8SYaml(t, output, &renderedObject) - - if renderedObject["metadata"].(map[string]interface{})["namespace"] != nil { - mustHaveNamespaceOverriden := true - for _, ignoredItem := range mustNotHaveNamespaceOverriden { - if strings.TrimSuffix(f.Name(), fileExtension) == ignoredItem { - mustHaveNamespaceOverriden = false - break - } + output, err := helm.RenderTemplateE(t, tc.options, chartPath, releaseName, []string{templateFile}) + if err != nil { + t.Errorf("Error rendering template %s from chart %s: %s", tc.file, chartPath, err) } - if mustHaveNamespaceOverriden { - assert.Equal(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should have namespace %s", f.Name(), chartPath, namespaceOverride)) - } else { - assert.NotEqual(t, namespaceOverride, renderedObject["metadata"].(map[string]interface{})["namespace"], fmt.Sprintf("template %s from chart %s should not have namespace %s", f.Name(), chartPath, namespaceOverride)) + + type object struct { + Metadata metav1.ObjectMeta } - } + var renderedObject object + helm.UnmarshalK8SYaml(t, output, &renderedObject) + assert.Equal(t, tc.wantNamespace, renderedObject.Metadata.Namespace) + }) } } From 33abaeb7e1f941f6e4938c1fa949134dd9a09afc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Wed, 12 Mar 2025 20:45:00 +0100 Subject: [PATCH 10/11] fix: CI --- .../gha-runner-scale-set-controller/tests/template_test.go | 7 ++++--- charts/gha-runner-scale-set/tests/template_test.go | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go index 269ddc03b0..aa8bd7b4f3 100644 --- a/charts/gha-runner-scale-set-controller/tests/template_test.go +++ b/charts/gha-runner-scale-set-controller/tests/template_test.go @@ -1227,13 +1227,14 @@ func TestNamespaceOverride(t *testing.T) { } for name, tc := range tt { + _tc := tc t.Run(name, func(t *testing.T) { t.Parallel() - templateFile := filepath.Join("templates", tc.file) + templateFile := filepath.Join("templates", _tc.file) - output, err := helm.RenderTemplateE(t, tc.options, chartPath, releaseName, []string{templateFile}) + output, err := helm.RenderTemplateE(t, _tc.options, chartPath, releaseName, []string{templateFile}) if err != nil { - t.Errorf("Error rendering template %s from chart %s: %s", tc.file, chartPath, err) + t.Errorf("Error rendering template %s from chart %s: %s", _tc.file, chartPath, err) } type object struct { diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index e158ee7812..a8cad1133c 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -2449,13 +2449,14 @@ func TestNamespaceOverride(t *testing.T) { } for name, tc := range tt { + _tc := tc t.Run(name, func(t *testing.T) { t.Parallel() - templateFile := filepath.Join("templates", tc.file) + templateFile := filepath.Join("./templates", _tc.file) - output, err := helm.RenderTemplateE(t, tc.options, chartPath, releaseName, []string{templateFile}) + output, err := helm.RenderTemplateE(t, _tc.options, chartPath, releaseName, []string{templateFile}) if err != nil { - t.Errorf("Error rendering template %s from chart %s: %s", tc.file, chartPath, err) + t.Errorf("Error rendering template %s from chart %s: %s", _tc.file, chartPath, err) } type object struct { From 79b2d94912821fccd1291a7b9ab3b1f947c069a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20Fern=C3=A1ndez?= <7312236+fernandezcuesta@users.noreply.github.com> Date: Thu, 13 Mar 2025 09:10:48 +0100 Subject: [PATCH 11/11] fixup --- .../tests/template_test.go | 32 +++---------------- .../tests/template_test.go | 8 ++--- 2 files changed, 8 insertions(+), 32 deletions(-) diff --git a/charts/gha-runner-scale-set-controller/tests/template_test.go b/charts/gha-runner-scale-set-controller/tests/template_test.go index aa8bd7b4f3..a8623f2ec3 100644 --- a/charts/gha-runner-scale-set-controller/tests/template_test.go +++ b/charts/gha-runner-scale-set-controller/tests/template_test.go @@ -1128,30 +1128,6 @@ func TestNamespaceOverride(t *testing.T) { }, wantNamespace: namespaceOverride, }, - "manager_cluster_role_binding": { - file: "manager_cluster_role_binding.yaml", - options: &helm.Options{ - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "replicaCount": "2", - }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), - }, - wantNamespace: namespaceOverride, - }, - "manager_cluster_role": { - file: "manager_cluster_role.yaml", - options: &helm.Options{ - Logger: logger.Discard, - SetValues: map[string]string{ - "namespaceOverride": namespaceOverride, - "replicaCount": "2", - }, - KubectlOptions: k8s.NewKubectlOptions("", "", releaseNamespace), - }, - wantNamespace: namespaceOverride, - }, "manager_listener_role_binding": { file: "manager_listener_role_binding.yaml", options: &helm.Options{ @@ -1227,14 +1203,14 @@ func TestNamespaceOverride(t *testing.T) { } for name, tc := range tt { - _tc := tc + c := tc t.Run(name, func(t *testing.T) { t.Parallel() - templateFile := filepath.Join("templates", _tc.file) + templateFile := filepath.Join("./templates", c.file) - output, err := helm.RenderTemplateE(t, _tc.options, chartPath, releaseName, []string{templateFile}) + output, err := helm.RenderTemplateE(t, c.options, chartPath, releaseName, []string{templateFile}) if err != nil { - t.Errorf("Error rendering template %s from chart %s: %s", _tc.file, chartPath, err) + t.Errorf("Error rendering template %s from chart %s: %s", c.file, chartPath, err) } type object struct { diff --git a/charts/gha-runner-scale-set/tests/template_test.go b/charts/gha-runner-scale-set/tests/template_test.go index a8cad1133c..790f44e0c2 100644 --- a/charts/gha-runner-scale-set/tests/template_test.go +++ b/charts/gha-runner-scale-set/tests/template_test.go @@ -2449,14 +2449,14 @@ func TestNamespaceOverride(t *testing.T) { } for name, tc := range tt { - _tc := tc + c := tc t.Run(name, func(t *testing.T) { t.Parallel() - templateFile := filepath.Join("./templates", _tc.file) + templateFile := filepath.Join("./templates", c.file) - output, err := helm.RenderTemplateE(t, _tc.options, chartPath, releaseName, []string{templateFile}) + output, err := helm.RenderTemplateE(t, c.options, chartPath, releaseName, []string{templateFile}) if err != nil { - t.Errorf("Error rendering template %s from chart %s: %s", _tc.file, chartPath, err) + t.Errorf("Error rendering template %s from chart %s: %s", c.file, chartPath, err) } type object struct {